The subject matter discussed in the background section should not be assumed to be prior art merely as a result of its mention in the background section. Similarly, a problem mentioned in the background section or associated with the subject matter of the background section should not be assumed to have been previously recognized in the prior art. The subject matter in the background section merely represents different approaches, which in and of themselves may also be inventions.
Various strategies exist for an attacker to attempt to gain unauthorized access and perform unauthorized actions on web sites. Some attackers will try to load pages from within browser frames and iframes under their page. This technique may be used in clickjacking, but there might be other reasons and over time there might be specific vulnerabilities they might try to exploit. Frame busting is the concept of trying to bust out of such framing by un-authorized pages. The current standard approach is within a page that should not be framed, the browser checks to determine if it is framed, and if it is, it can be “busted” to a main page by setting window.location (or something similar) to a framed URL.
Clickjacking is a way to trick the user into thinking he/she is clicking/typing on one object while he/she is actually interacting with another. For example, if the user opens a browser window to ‘evil.com’ that will have a label and a button next to it. In addition the window may also have another iframe with, for example, src=<bad_action_url>. This iframe may have an opacity of 0 so it is hidden from the user, but still active (another approach it to make only parts of it visible with sizes and scrolling or using plugins that overlay above it). As the user moves the mouse over the button and clicks, he/she will actually click on the invisible iframe button.